Q2 2010: more than half a billion infection attempts

23 Aug 2010, Virus News

Kaspersky Lab, a leading developer of secure content management solutions, has released its report on information security threats in the second quarter of 2010.

During this period, the company's products blocked more than 540 million attempts to infect computers around the world. The countries most targeted were China (17.09% of all attacks), Russia (11.36%), India (9.30%), the USA (5.96%) and Vietnam (5.44%).

Cybercriminals used all possible attack vectors and techniques, both old and new, along with scams, in order to make profits.

Targeting vulnerabilities in commonly used programs and services is one traditional method often used by cybercriminals. Vulnerabilities are targeted in order to infect machines with specially crafted code (exploits) that automates the work of the hackers. Eight and a half million exploits were detected during the reporting period, with the most common being malware which targets vulnerabilities in Adobe Reader.

Overall, more than 33 million vulnerable applications and files were identified on users' computers during Q2 2010. More than seven unpatched vulnerabilities were found on one in four computers.

Cybercriminals track information about vulnerabilities in commonly used software and services, and often start exploiting them on a large scale before a patch can be released. Because of this, researchers have to be careful about what information they disclose about the vulnerabilities they have identified. "On the one hand, identifying a vulnerability means that the vendors will try to release a patch as soon as possible. On the other, this puts a weapon into the hands of the cybercriminals, which they will obviously use as effectively as possible," the report mentions.

This meant that only a few days after information appeared on how it was possible to run executable files embedded in PDF documents, hackers flooded mailboxes around the world with specially crafted PDF documents. Opening the message attachment led to vulnerable computers being infected by a bot, and consequently becoming part of a botnet.

Cybercriminals are exploiting the popularity of social networking sites with new scams. For instance, Likejacking is a new type of attack on Facebook. It appeared along with the "Like" function, which account holders could use to create lists of objects they like. After clicking on an attractive link, the user ends up on a page which includes JavaScript; a click anywhere on the page activates the "Like" function, sending a link to the page to everyone in the user's friend list. As a result, the number of visits to the site snowballs, and the cybercriminals were paid for the increase in traffic by a certain advertising company.

Another innovation during Q2 was the ability to create and manage botnets via Twitter accounts. Hackers were able to publish botnet commands in the form of text on an account page. Happily, Twitter administrators discovered the problem quickly and were able to promptly block all malicious accounts.